@awsless/cli 0.0.1

package/dist/dist-es-TCFHB4OF.js

@@ -0,0 +1,324 @@
+import {
+  getProfileName,
+  getSSOTokenFilepath,
+  getSSOTokenFromFile,
+  loadSsoSessionData,
+  parseKnownFiles
+} from "./chunk-XNYTWFP6.js";
+import {
+  setCredentialFeature
+} from "./chunk-E7FQOYML.js";
+import {
+  CredentialsProviderError,
+  ProviderError
+} from "./chunk-2TBBLACH.js";
+import "./chunk-SIAA4J6H.js";
+
+// ../../node_modules/.pnpm/@smithy+property-provider@4.2.12/node_modules/@smithy/property-provider/dist-es/TokenProviderError.js
+var TokenProviderError = class _TokenProviderError extends ProviderError {
+  name = "TokenProviderError";
+  constructor(message, options = true) {
+    super(message, options);
+    Object.setPrototypeOf(this, _TokenProviderError.prototype);
+  }
+};
+
+// ../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.972.28_aws-crt@1.30.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/isSsoProfile.js
+var isSsoProfile = (arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string");
+
+// ../../node_modules/.pnpm/@aws-sdk+token-providers@3.1021.0_aws-crt@1.30.0/node_modules/@aws-sdk/token-providers/dist-es/constants.js
+var EXPIRE_WINDOW_MS = 5 * 60 * 1e3;
+var REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`;
+
+// ../../node_modules/.pnpm/@aws-sdk+token-providers@3.1021.0_aws-crt@1.30.0/node_modules/@aws-sdk/token-providers/dist-es/getSsoOidcClient.js
+var getSsoOidcClient = async (ssoRegion, init = {}, callerClientConfig) => {
+  const { SSOOIDCClient } = await import("./sso-oidc-5IIWGKXY.js");
+  const coalesce = (prop) => init.clientConfig?.[prop] ?? init.parentClientConfig?.[prop] ?? callerClientConfig?.[prop];
+  const ssoOidcClient = new SSOOIDCClient(Object.assign({}, init.clientConfig ?? {}, {
+    region: ssoRegion ?? init.clientConfig?.region,
+    logger: coalesce("logger"),
+    userAgentAppId: coalesce("userAgentAppId")
+  }));
+  return ssoOidcClient;
+};
+
+// ../../node_modules/.pnpm/@aws-sdk+token-providers@3.1021.0_aws-crt@1.30.0/node_modules/@aws-sdk/token-providers/dist-es/getNewSsoOidcToken.js
+var getNewSsoOidcToken = async (ssoToken, ssoRegion, init = {}, callerClientConfig) => {
+  const { CreateTokenCommand } = await import("./sso-oidc-5IIWGKXY.js");
+  const ssoOidcClient = await getSsoOidcClient(ssoRegion, init, callerClientConfig);
+  return ssoOidcClient.send(new CreateTokenCommand({
+    clientId: ssoToken.clientId,
+    clientSecret: ssoToken.clientSecret,
+    refreshToken: ssoToken.refreshToken,
+    grantType: "refresh_token"
+  }));
+};
+
+// ../../node_modules/.pnpm/@aws-sdk+token-providers@3.1021.0_aws-crt@1.30.0/node_modules/@aws-sdk/token-providers/dist-es/validateTokenExpiry.js
+var validateTokenExpiry = (token) => {
+  if (token.expiration && token.expiration.getTime() < Date.now()) {
+    throw new TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false);
+  }
+};
+
+// ../../node_modules/.pnpm/@aws-sdk+token-providers@3.1021.0_aws-crt@1.30.0/node_modules/@aws-sdk/token-providers/dist-es/validateTokenKey.js
+var validateTokenKey = (key, value, forRefresh = false) => {
+  if (typeof value === "undefined") {
+    throw new TokenProviderError(`Value not present for '${key}' in SSO Token${forRefresh ? ". Cannot refresh" : ""}. ${REFRESH_MESSAGE}`, false);
+  }
+};
+
+// ../../node_modules/.pnpm/@aws-sdk+token-providers@3.1021.0_aws-crt@1.30.0/node_modules/@aws-sdk/token-providers/dist-es/writeSSOTokenToFile.js
+import { promises as fsPromises } from "fs";
+var { writeFile } = fsPromises;
+var writeSSOTokenToFile = (id, ssoToken) => {
+  const tokenFilepath = getSSOTokenFilepath(id);
+  const tokenString = JSON.stringify(ssoToken, null, 2);
+  return writeFile(tokenFilepath, tokenString);
+};
+
+// ../../node_modules/.pnpm/@aws-sdk+token-providers@3.1021.0_aws-crt@1.30.0/node_modules/@aws-sdk/token-providers/dist-es/fromSso.js
+var lastRefreshAttemptTime = /* @__PURE__ */ new Date(0);
+var fromSso = (init = {}) => async ({ callerClientConfig } = {}) => {
+  init.logger?.debug("@aws-sdk/token-providers - fromSso");
+  const profiles = await parseKnownFiles(init);
+  const profileName = getProfileName({
+    profile: init.profile ?? callerClientConfig?.profile
+  });
+  const profile = profiles[profileName];
+  if (!profile) {
+    throw new TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false);
+  } else if (!profile["sso_session"]) {
+    throw new TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`);
+  }
+  const ssoSessionName = profile["sso_session"];
+  const ssoSessions = await loadSsoSessionData(init);
+  const ssoSession = ssoSessions[ssoSessionName];
+  if (!ssoSession) {
+    throw new TokenProviderError(`Sso session '${ssoSessionName}' could not be found in shared credentials file.`, false);
+  }
+  for (const ssoSessionRequiredKey of ["sso_start_url", "sso_region"]) {
+    if (!ssoSession[ssoSessionRequiredKey]) {
+      throw new TokenProviderError(`Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, false);
+    }
+  }
+  const ssoStartUrl = ssoSession["sso_start_url"];
+  const ssoRegion = ssoSession["sso_region"];
+  let ssoToken;
+  try {
+    ssoToken = await getSSOTokenFromFile(ssoSessionName);
+  } catch (e) {
+    throw new TokenProviderError(`The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, false);
+  }
+  validateTokenKey("accessToken", ssoToken.accessToken);
+  validateTokenKey("expiresAt", ssoToken.expiresAt);
+  const { accessToken, expiresAt } = ssoToken;
+  const existingToken = { token: accessToken, expiration: new Date(expiresAt) };
+  if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) {
+    return existingToken;
+  }
+  if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1e3) {
+    validateTokenExpiry(existingToken);
+    return existingToken;
+  }
+  validateTokenKey("clientId", ssoToken.clientId, true);
+  validateTokenKey("clientSecret", ssoToken.clientSecret, true);
+  validateTokenKey("refreshToken", ssoToken.refreshToken, true);
+  try {
+    lastRefreshAttemptTime.setTime(Date.now());
+    const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init, callerClientConfig);
+    validateTokenKey("accessToken", newSsoOidcToken.accessToken);
+    validateTokenKey("expiresIn", newSsoOidcToken.expiresIn);
+    const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1e3);
+    try {
+      await writeSSOTokenToFile(ssoSessionName, {
+        ...ssoToken,
+        accessToken: newSsoOidcToken.accessToken,
+        expiresAt: newTokenExpiration.toISOString(),
+        refreshToken: newSsoOidcToken.refreshToken
+      });
+    } catch (error) {
+    }
+    return {
+      token: newSsoOidcToken.accessToken,
+      expiration: newTokenExpiration
+    };
+  } catch (error) {
+    validateTokenExpiry(existingToken);
+    return existingToken;
+  }
+};
+
+// ../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.972.28_aws-crt@1.30.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/resolveSSOCredentials.js
+var SHOULD_FAIL_CREDENTIAL_CHAIN = false;
+var resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, clientConfig, parentClientConfig, callerClientConfig, profile, filepath, configFilepath, ignoreCache, logger }) => {
+  let token;
+  const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`;
+  if (ssoSession) {
+    try {
+      const _token = await fromSso({
+        profile,
+        filepath,
+        configFilepath,
+        ignoreCache
+      })();
+      token = {
+        accessToken: _token.token,
+        expiresAt: new Date(_token.expiration).toISOString()
+      };
+    } catch (e) {
+      throw new CredentialsProviderError(e.message, {
+        tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
+        logger
+      });
+    }
+  } else {
+    try {
+      token = await getSSOTokenFromFile(ssoStartUrl);
+    } catch (e) {
+      throw new CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, {
+        tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
+        logger
+      });
+    }
+  }
+  if (new Date(token.expiresAt).getTime() - Date.now() <= 0) {
+    throw new CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, {
+      tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
+      logger
+    });
+  }
+  const { accessToken } = token;
+  const { SSOClient, GetRoleCredentialsCommand } = await import("./loadSso-O7PM54HL.js");
+  const sso = ssoClient || new SSOClient(Object.assign({}, clientConfig ?? {}, {
+    logger: clientConfig?.logger ?? callerClientConfig?.logger ?? parentClientConfig?.logger,
+    region: clientConfig?.region ?? ssoRegion,
+    userAgentAppId: clientConfig?.userAgentAppId ?? callerClientConfig?.userAgentAppId ?? parentClientConfig?.userAgentAppId
+  }));
+  let ssoResp;
+  try {
+    ssoResp = await sso.send(new GetRoleCredentialsCommand({
+      accountId: ssoAccountId,
+      roleName: ssoRoleName,
+      accessToken
+    }));
+  } catch (e) {
+    throw new CredentialsProviderError(e, {
+      tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
+      logger
+    });
+  }
+  const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId } = {} } = ssoResp;
+  if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {
+    throw new CredentialsProviderError("SSO returns an invalid temporary credential.", {
+      tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
+      logger
+    });
+  }
+  const credentials = {
+    accessKeyId,
+    secretAccessKey,
+    sessionToken,
+    expiration: new Date(expiration),
+    ...credentialScope && { credentialScope },
+    ...accountId && { accountId }
+  };
+  if (ssoSession) {
+    setCredentialFeature(credentials, "CREDENTIALS_SSO", "s");
+  } else {
+    setCredentialFeature(credentials, "CREDENTIALS_SSO_LEGACY", "u");
+  }
+  return credentials;
+};
+
+// ../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.972.28_aws-crt@1.30.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/validateSsoProfile.js
+var validateSsoProfile = (profile, logger) => {
+  const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile;
+  if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {
+    throw new CredentialsProviderError(`Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join(", ")}
+Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, { tryNextLink: false, logger });
+  }
+  return profile;
+};
+
+// ../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.972.28_aws-crt@1.30.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/fromSSO.js
+var fromSSO = (init = {}) => async ({ callerClientConfig } = {}) => {
+  init.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO");
+  const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;
+  const { ssoClient } = init;
+  const profileName = getProfileName({
+    profile: init.profile ?? callerClientConfig?.profile
+  });
+  if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {
+    const profiles = await parseKnownFiles(init);
+    const profile = profiles[profileName];
+    if (!profile) {
+      throw new CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger });
+    }
+    if (!isSsoProfile(profile)) {
+      throw new CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, {
+        logger: init.logger
+      });
+    }
+    if (profile?.sso_session) {
+      const ssoSessions = await loadSsoSessionData(init);
+      const session = ssoSessions[profile.sso_session];
+      const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`;
+      if (ssoRegion && ssoRegion !== session.sso_region) {
+        throw new CredentialsProviderError(`Conflicting SSO region` + conflictMsg, {
+          tryNextLink: false,
+          logger: init.logger
+        });
+      }
+      if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) {
+        throw new CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, {
+          tryNextLink: false,
+          logger: init.logger
+        });
+      }
+      profile.sso_region = session.sso_region;
+      profile.sso_start_url = session.sso_start_url;
+    }
+    const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile(profile, init.logger);
+    return resolveSSOCredentials({
+      ssoStartUrl: sso_start_url,
+      ssoSession: sso_session,
+      ssoAccountId: sso_account_id,
+      ssoRegion: sso_region,
+      ssoRoleName: sso_role_name,
+      ssoClient,
+      clientConfig: init.clientConfig,
+      parentClientConfig: init.parentClientConfig,
+      callerClientConfig: init.callerClientConfig,
+      profile: profileName,
+      filepath: init.filepath,
+      configFilepath: init.configFilepath,
+      ignoreCache: init.ignoreCache,
+      logger: init.logger
+    });
+  } else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {
+    throw new CredentialsProviderError('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"', { tryNextLink: false, logger: init.logger });
+  } else {
+    return resolveSSOCredentials({
+      ssoStartUrl,
+      ssoSession,
+      ssoAccountId,
+      ssoRegion,
+      ssoRoleName,
+      ssoClient,
+      clientConfig: init.clientConfig,
+      parentClientConfig: init.parentClientConfig,
+      callerClientConfig: init.callerClientConfig,
+      profile: profileName,
+      filepath: init.filepath,
+      configFilepath: init.configFilepath,
+      ignoreCache: init.ignoreCache,
+      logger: init.logger
+    });
+  }
+};
+export {
+  fromSSO,
+  isSsoProfile,
+  validateSsoProfile
+};

package/dist/dist-es-YFQTZTNE.js

@@ -0,0 +1,167 @@
+import {
+  sdkStreamMixin
+} from "./chunk-DSXFE5X2.js";
+import {
+  NodeHttpHandler,
+  parseRfc3339DateTime
+} from "./chunk-7NRPMOO4.js";
+import {
+  HttpRequest
+} from "./chunk-5TWBDDXS.js";
+import "./chunk-ZKH7AMP3.js";
+import {
+  setCredentialFeature
+} from "./chunk-E7FQOYML.js";
+import {
+  CredentialsProviderError
+} from "./chunk-2TBBLACH.js";
+import "./chunk-SIAA4J6H.js";
+
+// ../../node_modules/.pnpm/@aws-sdk+credential-provider-http@3.972.26/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/fromHttp.js
+import fs from "fs/promises";
+
+// ../../node_modules/.pnpm/@aws-sdk+credential-provider-http@3.972.26/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/checkUrl.js
+var ECS_CONTAINER_HOST = "169.254.170.2";
+var EKS_CONTAINER_HOST_IPv4 = "169.254.170.23";
+var EKS_CONTAINER_HOST_IPv6 = "[fd00:ec2::23]";
+var checkUrl = (url, logger) => {
+  if (url.protocol === "https:") {
+    return;
+  }
+  if (url.hostname === ECS_CONTAINER_HOST || url.hostname === EKS_CONTAINER_HOST_IPv4 || url.hostname === EKS_CONTAINER_HOST_IPv6) {
+    return;
+  }
+  if (url.hostname.includes("[")) {
+    if (url.hostname === "[::1]" || url.hostname === "[0000:0000:0000:0000:0000:0000:0000:0001]") {
+      return;
+    }
+  } else {
+    if (url.hostname === "localhost") {
+      return;
+    }
+    const ipComponents = url.hostname.split(".");
+    const inRange = (component) => {
+      const num = parseInt(component, 10);
+      return 0 <= num && num <= 255;
+    };
+    if (ipComponents[0] === "127" && inRange(ipComponents[1]) && inRange(ipComponents[2]) && inRange(ipComponents[3]) && ipComponents.length === 4) {
+      return;
+    }
+  }
+  throw new CredentialsProviderError(`URL not accepted. It must either be HTTPS or match one of the following:
+  - loopback CIDR 127.0.0.0/8 or [::1/128]
+  - ECS container host 169.254.170.2
+  - EKS container host 169.254.170.23 or [fd00:ec2::23]`, { logger });
+};
+
+// ../../node_modules/.pnpm/@aws-sdk+credential-provider-http@3.972.26/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/requestHelpers.js
+function createGetRequest(url) {
+  return new HttpRequest({
+    protocol: url.protocol,
+    hostname: url.hostname,
+    port: Number(url.port),
+    path: url.pathname,
+    query: Array.from(url.searchParams.entries()).reduce((acc, [k, v]) => {
+      acc[k] = v;
+      return acc;
+    }, {}),
+    fragment: url.hash
+  });
+}
+async function getCredentials(response, logger) {
+  const stream = sdkStreamMixin(response.body);
+  const str = await stream.transformToString();
+  if (response.statusCode === 200) {
+    const parsed = JSON.parse(str);
+    if (typeof parsed.AccessKeyId !== "string" || typeof parsed.SecretAccessKey !== "string" || typeof parsed.Token !== "string" || typeof parsed.Expiration !== "string") {
+      throw new CredentialsProviderError("HTTP credential provider response not of the required format, an object matching: { AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }", { logger });
+    }
+    return {
+      accessKeyId: parsed.AccessKeyId,
+      secretAccessKey: parsed.SecretAccessKey,
+      sessionToken: parsed.Token,
+      expiration: parseRfc3339DateTime(parsed.Expiration)
+    };
+  }
+  if (response.statusCode >= 400 && response.statusCode < 500) {
+    let parsedBody = {};
+    try {
+      parsedBody = JSON.parse(str);
+    } catch (e) {
+    }
+    throw Object.assign(new CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }), {
+      Code: parsedBody.Code,
+      Message: parsedBody.Message
+    });
+  }
+  throw new CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger });
+}
+
+// ../../node_modules/.pnpm/@aws-sdk+credential-provider-http@3.972.26/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/retry-wrapper.js
+var retryWrapper = (toRetry, maxRetries, delayMs) => {
+  return async () => {
+    for (let i = 0; i < maxRetries; ++i) {
+      try {
+        return await toRetry();
+      } catch (e) {
+        await new Promise((resolve) => setTimeout(resolve, delayMs));
+      }
+    }
+    return await toRetry();
+  };
+};
+
+// ../../node_modules/.pnpm/@aws-sdk+credential-provider-http@3.972.26/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/fromHttp.js
+var AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";
+var DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2";
+var AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI";
+var AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE";
+var AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN";
+var fromHttp = (options = {}) => {
+  options.logger?.debug("@aws-sdk/credential-provider-http - fromHttp");
+  let host;
+  const relative = options.awsContainerCredentialsRelativeUri ?? process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI];
+  const full = options.awsContainerCredentialsFullUri ?? process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI];
+  const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN];
+  const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE];
+  const warn = options.logger?.constructor?.name === "NoOpLogger" || !options.logger?.warn ? console.warn : options.logger.warn.bind(options.logger);
+  if (relative && full) {
+    warn("@aws-sdk/credential-provider-http: you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri.");
+    warn("awsContainerCredentialsFullUri will take precedence.");
+  }
+  if (token && tokenFile) {
+    warn("@aws-sdk/credential-provider-http: you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile.");
+    warn("awsContainerAuthorizationToken will take precedence.");
+  }
+  if (full) {
+    host = full;
+  } else if (relative) {
+    host = `${DEFAULT_LINK_LOCAL_HOST}${relative}`;
+  } else {
+    throw new CredentialsProviderError(`No HTTP credential provider host provided.
+Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`, { logger: options.logger });
+  }
+  const url = new URL(host);
+  checkUrl(url, options.logger);
+  const requestHandler = NodeHttpHandler.create({
+    requestTimeout: options.timeout ?? 1e3,
+    connectionTimeout: options.timeout ?? 1e3
+  });
+  return retryWrapper(async () => {
+    const request = createGetRequest(url);
+    if (token) {
+      request.headers.Authorization = token;
+    } else if (tokenFile) {
+      request.headers.Authorization = (await fs.readFile(tokenFile)).toString();
+    }
+    try {
+      const result = await requestHandler.handle(request);
+      return getCredentials(result.response).then((creds) => setCredentialFeature(creds, "CREDENTIALS_HTTP", "z"));
+    } catch (e) {
+      throw new CredentialsProviderError(String(e), { logger: options.logger });
+    }
+  }, options.maxRetries ?? 3, options.timeout ?? 1e3);
+};
+export {
+  fromHttp
+};